Splunk Search

Discussions

Thread Info

How do you color code a cell?

I've read through a lot of articles, but I can't figure out how to make this work. My query is below. For ease of rea...

by New Member in

Can you help me visualize my input lookup file?

Hello There, I have a file CSV as shown in the attached screenshot. I want someone to help me to draw these dates ...

by Path Finder in

How do I reconstruct the path of a message across multiple events?

I have a log file from our ESB that has multiple events for each message. I want to join those back together so I can...

by Explorer in

How do you compare a previous average with the current actual count?

Hello, I am trying to write an SPL to do the below but hitting a road block. Can someone please help!! Date ...

by Explorer in

How do i display the latest event from two event IDs by computer name?

Hello, I am trying to complete a query that allows me to see both the latest failed and successful backups from e...

by Communicator in

What would be the best way to use index and source type for multiple projects?

Hi everyone, I am new to Splunk and i have a quite a few projects in my organization. I know that an index can hav...

by New Member in

Can you help me combine 2 queries into a timechart?

Hi all, I have the following data and I need some help to progress further. I have fields: _time uniqueId actio...

by New Member in

How do you use the value of the lookup filename as a field in the search result?

Here is the search and lookup, I need to capture the value, last_logon_lookup_20180928.csv We need the value in bo...

by Explorer in

Drilldown on results of a subsearch not working

Woodcock - As a new question to the previous one that you help resolve - do you have any idea why the drilldown isn't...

by Engager in

How to use a different time range within a subsearch?

Splunk rookie here, so please be gentle. I am hoping someone can help me with a date-time range issue within a subsea...

by Engager in

How to add % symbol with data labels in charts?

I want to add % symbol with both the y-axis legend and data labels Thanks in advance!

by Path Finder in

How to get Splunk btool command to return an exact match?

Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I u...

by Communicator in

How do you extract a hostname from a source path?

Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ...

by New Member in

Join Earlier Joins with Later

I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm us...

by New Member in

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical ...

by Path Finder in

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost ...

by New Member in

Subsearch leading to

I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear...

by Engager in

How can I make my table results in 3s time intervals?

Query I am running: index="dcg-video-eng-live-services-stage" | spath "message.req.originalUrl" | search "message....

by Path Finder in

How can I split JSON into multiple events?

Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multipl...

by Path Finder in

How do I convert epochtime = -1 to a human readable format?

I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ...

by Explorer in

How should I rename a dynamic value after using the timechart count by?

Hi All, I am using this search string as below : (some data- index, host, etc)............. | xmlkv | search "ns0:...

by New Member in

How do I make a query which finds logs where the value for a field matches?

Log1: id=5 errorA Log2: id=5 errorB I would like a query to return the logs with the same id value grouped togethe...

by Explorer in

How do I search for events within _indextime?

I understand the behavior of Splunk when using _indextime, but I want to know what query would do what I really am lo...

by Engager in

Is there a way to draw the line of where the cutoff point for outliers is?

I refer to the outlier command https://docs.splunk.com/Documentation/Splunk/7.0.4/SearchReference/Outlier *Is ther...

by Motivator in

How do I extract a value from the the following JSON?

I want to extract the following values from below JSON. Values needs to be extracted from the highlighted text in Bol...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you color code a cell?

Can you help me visualize my input lookup file?

How do I reconstruct the path of a message across multiple events?

How do you compare a previous average with the current actual count?

How do i display the latest event from two event IDs by computer name?

What would be the best way to use index and source type for multiple projects?

Can you help me combine 2 queries into a timechart?

How do you use the value of the lookup filename as a field in the search result?

Drilldown on results of a subsearch not working

How to use a different time range within a subsearch?

How to add % symbol with data labels in charts?

How to get Splunk btool command to return an exact match?

How do you extract a hostname from a source path?

Join Earlier Joins with Later

How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console?

Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app?

Subsearch leading to

How can I make my table results in 3s time intervals?

How can I split JSON into multiple events?

How do I convert epochtime = -1 to a human readable format?

How should I rename a dynamic value after using the timechart count by?

How do I make a query which finds logs where the value for a field matches?

How do I search for events within _indextime?

Is there a way to draw the line of where the cutoff point for outliers is?

How do I extract a value from the the following JSON?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions